Google ads push malicious CPU-Z app from fake Windows news site

November 9, 2023 at 11:22AM

Google Ads has been exploited by a threat actor to distribute a trojanized version of the CPU-Z tool, delivering the Redline info-stealing malware. The campaign uses a cloned copy of the legitimate site WindowsReport to host a malicious advertisement. Clicking on the ad starts a redirect chain designed to evade Google’s anti-abuse crawlers. The malware is disguised as a digitally signed CPU-Z installer and downloads the Redline Stealer payload, which is capable of collecting sensitive data. Users are advised to be cautious when clicking on promoted search results in Google and to use ad-blockers for added protection.

Key Takeaways from Meeting Notes:

1. A threat actor is using Google Ads to distribute a trojanized version of the CPU-Z tool, delivering the Redline info-stealing malware.
2. The campaign is believed to be part of a previous operation that used Notepad++ malvertising.
3. The malicious Google advertisement is hosted on a cloned copy of the legitimate Windows news site WindowsReport.
4. Clicking on the ad redirects the victim to a Windows news site lookalike hosted on various domains.
5. The clone of a legitimate site adds another layer of trust to the infection process.
6. Clicking the ‘Download now’ button delivers a digitally signed CPU-Z installer containing the FakeBat malware loader.
7. The loader fetches the Redline Stealer payload from a remote URL and launches it on the victim’s computer.
8. Redline Stealer can collect passwords, cookies, browsing data, and sensitive information from cryptocurrency wallets.
9. Users should be cautious when clicking on promoted results in Google Search and verify that the loaded site and its domain match.

Recommendations:
1. Educate users to be vigilant when clicking on Google Ads and to verify the loaded site and domain.
2. Encourage users to use an ad-blocker that can automatically hide malicious ads.
3. Regularly update antivirus software and security tools to minimize the risk of malware infections.
4. Keep users informed about the latest threats and provide guidelines to protect against them.
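The "verify that the loaded site and domain match" advice in takeaway 9 and recommendation 1 can also be applied on the defender side by scanning proxy logs for installer downloads served from lookalike domains of the cloned brand. The following is an added example, not code from the original article; the log format, the `.example` domains and the similarity threshold are constructed assumptions, and WindowsReport is the only trusted domain listed because it is the site the page names.

```python
"""Flag installer downloads served from lookalike domains of a trusted site.

Added illustration for the malvertising chain described above: a cloned
WindowsReport page on a lookalike domain serving a trojanized CPU-Z installer.
"""
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"windowsreport.com"}  # legitimate site cloned in the campaign
INSTALLER_EXT = (".exe", ".msi", ".zip")  # assumed download types worth flagging

# Constructed sample proxy log lines (timestamp, client IP, URL); not real indicators.
SAMPLE_LOG = """\
2023-11-09T10:01:02Z 10.0.0.5 https://windowsreport.com/tools/cpu-z-review/
2023-11-09T10:01:40Z 10.0.0.5 https://windowsreport-news.example/download/cpu-z-setup.exe
2023-11-09T10:02:11Z 10.0.0.7 https://cpuid.com/softwares/cpu-z.html
2023-11-09T10:03:55Z 10.0.0.9 https://wind0wsreport.example/cpu-z-installer.msi
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def registrable(host):
    """Naive registrable domain: last two labels (assumes no multi-part TLDs)."""
    return ".".join(host.lower().split(".")[-2:])


def lookalike_of(host, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Return the trusted domain that `host` imitates, or None if it is trusted/unrelated."""
    dom = registrable(host)
    if dom in trusted:
        return None
    name = dom.split(".")[0]
    for t in trusted:
        brand = t.split(".")[0]
        # Either the brand is embedded (windowsreport-news) or nearly identical (wind0wsreport).
        if brand in name or SequenceMatcher(None, brand, name).ratio() >= threshold:
            return t
    return None


def flag_suspicious_downloads(log_text):
    """Return installer downloads from lookalike domains, one dict per hit."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, url = m.groups()
        parsed = urlparse(url)
        imitated = lookalike_of(parsed.hostname or "")
        if imitated and parsed.path.lower().endswith(INSTALLER_EXT):
            hits.append({"ts": ts, "client": client, "host": parsed.hostname,
                         "imitates": imitated, "file": parsed.path.rsplit("/", 1)[-1]})
    return hits
```

Run against real logs, the trusted set would hold every brand your users are expected to download from, and hits would be enriched with the file's signer before any alerting.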
